The Hacker News

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

FreePBX patched 2025 flaws allowing SQL injection, file upload attacks, and an auth bypass only when webserver AUTHTYPE was ...
GovInfoSecurity

Breach Roundup: DPRK-Linked EtherRAT Targets React2Shell

This week, likely North Korean hackers exploited React2Shell. The Dutch government defended its seizure of Nexperia. Prompt ...

Prompt injection attacks might 'never be properly mitigated' UK NCSC warns

Prompt injection and SQL injection are two entirely different beasts, with the former being more of a "confusable deputy".
Infosecurity Magazine

UK NCSC Raises Alarms Over Prompt Injection Attacks

The UK’s National Cyber Security Centre has warned of the dangers of comparing prompt injection to SQL injection ...
Computer Weekly

NCSC warns of confusion over true nature of AI prompt injection

Malicious prompt injections to manipulate generative artificial intelligence (GenAI) large language models (LLMs) are being ...
Bleeping Computer

Microsoft to secure Entra ID sign-ins from script injection attacks

Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened ...
Forbes

AI Hacks AI: Cybercriminals Unleash An AI-Powered, Self-Replicating Botnet

Hackers use AI to generate attack code targeting AI infrastructure, and then getting compromised AI systems to find others to attack, researchers warn in a new report. Hackers have started using large ...
Infosecurity-magazine.com

Chinese Hackers Automate Cyber-Attacks With AI-Powered Claude Code

For the first time in history, cyber malicious actors have used Anthropic’s Claude Code, a generative AI coding assistant, to conduct cyber-attacks. The attackers are likely Chinese state-sponsored ...
Benzinga.com

Don't Copy That Code! The New 'ClickFix' Cyber Attack Can Infect Your Computer In Seconds

A new cyber threat called ClickFix is reportedly spreading rapidly online, using fake emails, websites and search results to trick users into pasting a single line of code that instantly infects their ...
ZDNet

Google spots malware in the wild that morphs mid-attack, thanks to AI

Google detected novel adaptive malware in the wild. This new malware uses LLMs to dynamically generate code. Google also listed other new key trends in cyberattacks. The use of artificial intelligence ...
CBS News

FBI says "potential terrorist attack" thwarted in Michigan, 5 people arrested

FBI Director Kash Patel says a "potential terrorist attack," allegedly targeting Halloween weekend in Michigan, was thwarted by the FBI on Friday morning. Five people between the ages of 16 and 20 ...
NBC News

AI browsers are here, and they're already being hacked

AI-infused web browsers are here and they’re one of the hottest products in Silicon Valley. But there’s a catch: Experts and the developers of the products warn that the browsers are vulnerable to a ...